Coldfusion LDAP from Docker Image not working.

Hi All

Adobe CF support suggested updating to JAVA SE 11.0.13 (LTS) inside the docker container. I did this and it resolved the LDAP issue for me.

Support said they will check with "engineering team to update the docker repo with latest Java". I assume at some point a new image will be released.

Thanks

I have a new suggestion for you each to consider. It turns out that Java 11.0.1 introduced a new ldap-specific JVM protection, called ldap strict endpoint identification. You can disable it with this jvm arg:

-Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true

For more, see:

https://www.oracle.com/java/technologies/javase/11-0-1-relnotes.html

It's still not clear why the Docker images might respond differently, but if this helps, at least it's more of a clue that could be shared with Adobe. (If you created that tracker ticket in reporting things to Adobe, I hope you'll share it here, so we can join in there.)

And I hope each of you will confirm if you get to at least try this, so we know you're considering it.

To you both, what's the Java version reported in the cf admin? Or if you prefer to know via code instead, see:

https://www.carehart.org/blog/client/index.cfm/2021/4/5/Confirming-ColdFusions-Java-version-via-CFML-code

It may be that an issue with the Java version is a root cause, such as if you show using 11.0.1 (from 2018) vs 11.0.12 (from July). And yes, I'm proposing that a problem here could lead to the error message being a misleading one (host not found), especially given that you said the ldapsearch WITHIN the container WAS working.

That said, I realize that changing the jvm running within the container that Cf would be set to use is a challenge within containers. It can be done. But let's see first if that's even POTENTIALLY the next step for you both.

Also, please each of you share the url and tag for your Cf2021 image. There are indeed different Cf2021 images in different places, that differ from each other. It could be that a different Cf2021.0.2 image WOULD work. 

Also, you may want to note the image hash (using docker image ls). Even the same image:tag from the same repository could have different versions over time (which is indeed frustrating). 

More than that, do a docker pull to see if you may get a new version of that same image:tag. (Docker doesn't pull a new one on a docker run, or when a container is run via compose. Kubernetes does, if the tag is "latest", which may surprise some that it does a pull in EACH startup of a pod). 

Hi,

Did you get anywhere with this? Also running into the same issue.

An error has occurred while trying to execute query :Could not resolve a valid ldap host

• Update 2: We've installed a fresh ColdFusion 2021 Docker image on a Linux box directly connected to our network and we are still seeing this issue. This narrows the issue down to Adobe Cold Fusion 2021's interaction with Docker and it's ability to do <<cfldap>>.

Update: 

I've just noticed CF version differences between the server that isn't having the problems:
Linux Version: 2021,0,01,325996 (installed a few weeks ago non-Docker)
Local MACOS: 2021,0,02,328618 (Docker)